Whats New in the NIST Cybersecurity Framework 2.0

  /     /     /  
Publicated : 23/11/2024   Category : security


Whats New in the NIST Cybersecurity Framework 2.0


Update to the NIST framework adds new govern function for cybersecurity.



First introduced nearly a decade ago as technical cybersecurity guidance for critical infrastructure interests like energy, banking, and hospitals, the National Institute for Standards and Technology (NIST)s Cybersecurity Framework just got an update — and its now aimed at organizations of all sizes.
The new version 2.0 of the popular NIST Cybersecurity Framework has expanded beyond the original frameworks five functions of an effective cybersecurity program — identify, protect, detect, respond, and recover — and added a sixth, govern.
It emphasizes that cybersecurity is a major source of enterprise risk, ranking alongside legal, financial and other risks as considerations for senior leadership, NISTs new guidelines — still in the draft phase — said.
The new framework is also intended to help support organizations of all sizes, the agency said.
With this update, we are trying to reflect current usage of the
Cybersecurity Framework
, and to anticipate future usage as well, NISTs lead developer of the framework, Cherilyn Pascoe, said in the
CSF 2.0 release
on Aug. 8. The CSF was developed for critical infrastructure like the banking and energy industries, but it has proved useful everywhere from schools and small businesses to local and foreign governments.
In a statement sent to Dark Reading, Bud Broomhead, CEO at Viakoo, explained that the new NIST update doesnt just help organizations with basic cybersecurity functions — it expands to other areas of the enterprise as well.
By expanding the scope of the NIST framework to all forms of organizations (not just critical infrastructure) is an acknowledgment of how every organization faces
cyber threats
and needs to have a plan in place for managing cyber hygiene and incident response, Broomhead said. This is already the case with cyber insurance, and NISTs recent update will help organizations not just reduce their threat landscape but also be better positioned for compliance, audit, and insurance requirements on cybersecurity.
The update is something that Joseph Carson, chief security scientist and advisory CISO with Delinea, praised as an excellent refresh.
Its great to see the framework moving on from simply a focus of
critical infrastructure
organizations and adapting to cybersecurity threats by providing guidance to all sectors, Carson said in a statement. This includes the new Govern pillar acknowledging the changes in the way organizations now respond to threats to support their overall cybersecurity strategy.
NIST is gathering comments on the draft CSF 2.0 until Nov. 4.

Last News

▸ CryptoWall is more widespread but less lucrative than CryptoLocker. ◂
Discovered: 23/12/2024
Category: security

▸ Feds probe cyber breaches at JPMorgan, other banks. ◂
Discovered: 23/12/2024
Category: security

▸ Security Problem Growing for Dairy Queen, UPS & Retailers, Back off ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Whats New in the NIST Cybersecurity Framework 2.0